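According to independent games journalist Mellow_Online1, Twilio, the communications provider that supplies two-factor authentication (2FA) services to platforms such as Steam, recently suffered a major data breach. The leak involves several kinds of sensitive information, including: message contents, message sending status and delivery status, detailed metadata (such as timestamps and recipient numbers), and routing costs (the cost of sending each message).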
Yesterday, an alleged major @Steam data breach occurred, compromising over 89 million user records (roughly two-thirds of all Steam accounts).
— Mellow_Online1 (@MellowOnline1) May 11, 2025
These datasets are being sold for over $5,000 on what appears to be a site akin to Mipped.
Mipped alongside their sister sites is a…
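Attackers could use this data to carry out targeted phishing attacks, luring users with forged verification messages that look genuine. More seriously, if an attacker is able to intercept or replay two-factor authentication codes, they may be able to bypass the platform's secure login mechanism directly.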
Update: An update suggests that the alleged Steam data breach is not a direct breach of Steam itself, but rather a supply chain compromise — meaning an external service that Steam relies on was targeted.
— Mellow_Online1 (@MellowOnline1) May 11, 2025
Here's what we understand from this update:
New evidence confirms some…
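It should be noted that this incident is not an intrusion into the Steam platform itself; its internal servers and databases remain intact. However, because Steam's 2FA system relies on Twilio's SMS service, platform users may still face potential security risks.
Steam users are advised to stay alert in the near term, watch for suspicious verification requests, and consider enabling an alternative authentication method.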
